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DETAILED ACTION 
Status of the Claims 

1. This action is in response to tlie application filed on October 16, 2001 . Claims 1-18 
are pending. 

Claim Objections 

2. Claim 9 is objected to because of the following informalities: In line 2 of claim 9, the 
word "provide" should be deleted. Appropriate correction is required. 

3. Claims 8-10 are objected to under 37 CFR 1 .75(c), as being of improper dependent 
form for failing to further limit the subject matter of a previous claim. Applicant is 
required to cancel the claim(s), or amend the claim(s) to place the claim(s) in proper 
dependent form, or rewrite the claim(s) in independent form. Claims 8-10 should further 
limit the system of claim 1 , not "an stand-alone application" or "an application". 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more clainns particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claims 1-18 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

As to claim 1 , it is not clear what "at least one authentication product" and "a 
security architecture" refer to. Do they refer to software pro se? Or do they refer to 
software and hardware, such as software that embodied in a computer-readable media. 
For examining purpose, "at least one authentication product" is interpreted as software 
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pro se because from its dependent claim 7, it appears that "at least one authentication 
product" does not comprise or embodied in hardware. Furthermore, "a security 
architecture" is interpreted as software pro se because the word "architecture" can be 
defined as the design of application software according to Microsoft Press Computer 
Dictionary Third Edition (1997, ISBN 1 -57231 -446-X). 

Claims 2-18 are rejected for incorporating the errors of their respective base 
claim by dependency. 

Claim 3 recites "the product" in line 1 . It is not clear whether "the product" refers 
to the "software product" in line 1 of claim 1 , or the "at least one authentication product" 
in line 2 of clainh 1. 

Claim 8 recites the limitation " the authentication architecture " in lines 1-2. 
There is insufficient antecedent basis for this limitation in the claim. It is not clear that 
"the authentication architecture" refers to "at least one authentication product" of claim 
1 , or "a security architecture" of claim 1 , or something else. 

Claim 9 recites the limitation " the architecture " in lines 1-2. There is insufficient 
antecedent basis for this limitation in the claim. It is not clear that "the architecture" 
refers to "a security architecture" of claim 1 , or "the authentication architecture" of claim 
8, or something else. 

6. Claim 3 contains the trademark/trade name Java. Where a trademark or trade name 
is used in a claim as a limitation to identify or describe a particular material or product, 
the claim does not comply with the requirements of 35 U.S.C. 112, second paragraph. 
See Ex parte Simpson, 218 USPQ 1020 (Bd. App. 1982). The claim scope is uncertain 
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since the tradennark or trade name cannot be used properly to identify any particular 
material or product. A trademark or trade name is used to identify a source of goods, 
and not the goods themselves. Thus, a trademark or trade name does not identify or 
describe the goods associated with the trademark or trade name. In the present case, 
the trademark/trade name is used to identify/describe product and, accordingly, the 
identification/description is indefinite. 

Claim Rejections - 35 USC § 101 

7. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

8. Claims 1-18 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

As to claims 1-18, the claimed system comprises only the software, such as "at 
least one authentication product", "a security architecture", "a profile application", etc. 
Although these software are functional descriptive material, the claims are directed to 
non-statutory subject matter because they are not embodied in computer-readable 
medium. See MPEP 2106 IV B 1(a). 

Claim Rejections - 35 USC § 102 

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
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351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

10. Claims 1-3, 5-6, 8, 10 and 18 are rejected under 35 U.S.C. 102(e) as being 
anticipated byAlegre et a!., U. S. Patent 6,199.113. 

As to claim 1 , Alegre teaches a system for user identity management and 
software product distribution comprising (abstract and column 4 lines 25-42 and Fig. 2): 

a) At least one authentication product (column 4 line 25-42 and Figs. 2, 9; 
specifically, "at least one authentication product" corresponds to authentication 
server); 

b) A security architecture capable of protecting the system (Fig. 2); 

c) Wherein the at least one authentication product is capable of servicing at 
least one external source (column 4 lines 40-42 and Fig. 2). 

As to claim 2, Alegre teaches a profile application capable of maintaining an 
online electronic profile for each external source wherein the profile application is 
accessible by external source system users and end users (column 4 lines 25-42 and 
column 6 lines 31-33 and Fig. 2; specifically, the profile application corresponds to user 
access profile). 

As to claim 3, Alegre teaches the product comprises a series of platform- 
independent Java based application (column 8 lines 54-65). 

As to claim 5, Alegre teaches the security architecture is capable of encrypting of 
transmitted data for security against spoofing (column 7 lines 32-35). 
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As to claim 6, Alegre teaches the system is capable of keep tracking of 
authentication device and ownership/assignments to a plurality of external access 
sources and their end users (column 6 lines 65-67 and column 8 lines 28-35). 

As to claim 8, Alegre teaches a stand-alone application of the system of claim 1 
wherein the authentication architecture is capable of providing user authentication and 
access control as separate functions autonomous from the system of claim 1 (column 5 
lines 48-58 and Fig. 5; specifically, "a stand-alone application" corresponds to the web 
server as shown in Fig. 5, and 'the authentication architecture" corresponds to the 
structures as shown in Fig. 5). 

As to claim 10, Alegre teaches an application using the system of claim 1 , 
wherein the system is capable of being deployed completely on a client's site, wherein 
the client comprises a client server, in which the client server is capable of functioning 
as a server application independent of the system of claim 1 (column 4 lines 25-30 and 
column 5 lines 8-20, 48-58 and Figs. 2-3, 5; specifically, "client server" corresponds to 
the web server as shown in Figs. 2, 5). 

As to claim 18, Alegre teaches the system is capable of managing and tracking 
specific and group end-user access authorizations to digital content and process for 
each external source (column 6 lines 65-67 and column 8 lines 28-35 and Fig. 14). 

Claim Rejections - 35 (JSC § 103 
11. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 



Application/Control Number: 09/981 ,251 Page 7 

Art Unit: 3621 

invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

12. This application currently names joint inventors. In considering patentability of the 
claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the 
various claims was commonly owned at the time any inventions covered therein were 
made absent any evidence to the contrary. Applicant is advised of the obligation under 
37 CFR 1 .56 to point out the inventor and invention dates of each claim that was not 
commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

1 3. Claims 4, 9 and 11-17 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Alegre et al., U. S. Patent 6,199,1 13 in view of Pearce etal., U. S. Patent 
6,243,468. 

As to claim 4, Alegre teaches the security architecture is capable of automatic 
encoding of transmitted data (column 7 lines 32-35). Alegre does not specifically teach 
encoding transmitted data using unique hashing routines . However, Pearce teaches 
encoding transmitted data using unique hashing routines (column 6 lines 41-47 and Fig. 
2). It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to allow the transmitted data in Alegre's teaching to be encoded using unique 
hashing routines for better protecting the transmitted data from piracy. 

As to claim 9, Alegre teaches the stand-alone application, and protecting the 
transmitted data as discussed above. Alegre does not specifically teach the at least 
one authentication product and the architecture are capable of providing software piracy 
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management to software manufacturers distributing application product via CD-ROM or 
a wide area network. However, Pearce teaches authentication product and security 
architecture are capable of providing software piracy management to software 
manufacturers distribution application product via CD-ROM or a wide area network 
(column 1 line 66 - column 2 line 8 and column 3 line 66 - column 4 line 10, 21-25 and 
Figs. 1-2). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to allow the authentication product and the architecture in Alegre's 
teaching to include the feature of capable providing software piracy management to 
software manufacturers distribution application product via CD-ROM or a wide area 
network for conveniently distributing the transmitted data and better protecting the 
transmitted data from piracy. 

As to claims 11-16, Alegre teaches a system for securely distributing software as 
discussed above. Alegre does not specifically teach the system is capable of reading 
CD-ROM content remotely via a wide area network, providing CD media-based copy 
protection, validating the CD media, providing CD media authentication remotely via a 
wide area network, providing embedded, encrypted serialization of CD media, providing 
anti-piracy protection to electronic distributed software, and using CD media developed 
with anti-piracy technology as effective user authentication devices. However, Pearce 
teaches this matter (column 1 line 66 - column 2 line 8 and column 3 line 66 - column 4 
line 10, 21-26 and column 5 lines 20-45 and column 7 lines 8-40 and Figs. 1-2, 5), It 
would have been obvious to one of ordinary skill in the art at the time the invention was 
made to allow the system in Alegre's teaching to include the features of reading CD- 
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ROM content remotely via a wide area network, providing CD media-based copy 
protection, validating the CD media, providing CD media authentication remotely via a 
wide area network, providing embedded, encrypted serialization of CD media, providing 
anti-piracy protection to electronic distributed software, and using CD media developed 
with anti-piracy technology as effective user authentication devices because this would 
allow the distributed software to be conveniently and securely delivered to users, and at 
meanwhile, it also prevents software piracy. 

As to claim 17, Alegre teaches a system for securely distributing software as 
discussed above. Alegre does not specifically teach the system is capable of bundling 
full products and license packs on at least one CD-ROM. However, Alegre teaches 
bundling full products and license packs on a CD-ROM (column 1 line 66 - column 2 
line 8 and Fig. 1 ). It would have been obvious to one of ordinary skill in the art at the 
time the invention was made to allow the system in Alegre's teaching to include the 
feature of bundling full products and license packs on a CD-ROM because this would 
allow the products and their associated information to be conveniently delivered to 
users. 

14. Claim 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over Alegre et al., 
U. S. Patent 6,199,113 in view of Reardon, U. S. Patent 6,212,635. 

As to claim 7, Alegre teaches the authentication product comprising: 

a) A username (column 4 lines 25-40; specifically, "username" corresponds to 
user ID)] 

b) A password (column 4 lines 25-40); 
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c) An authentication device (column 4 lines 25-40; specifically, "authentication 
device" corresponds to authentication server); 

d) Wherein the authentication device is selected from group consisting of 
software token (column 4 lines 25-31). 

Alegre does not specifically teach the authentication device is selected from 
group consisting of key chain tokens, and tokens capable being read by a Smart Card 
Reader. However, this matter is taught by Reardon as an authentication device is 
selected from group consisting of key chain tokens, and tokens capable being read by a 
token reader (column 9 lines 54-65 and column 17 lines 36-40 and Fig. 1). It would 
have been obvious to one of ordinary skill in the art at the time the invention was made 
to allow the authentication device in Alegre's teaching to include key chain tokens, and 
tokens capable being read by a token reader as taught by Reardon for better protecting 
the authentication product from authorized access. 

Conclusion 

15. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Schneck et al. (U. S. Patent 5,933,498) discloses control access of the 
distributed data. 

Win et al. (U. S. Patent 6,161,139) discloses administrative roles governing 
access to administrative functions. 

Larsson et al. (U. S. Patent 6,226,747) discloses preventing software piracy. 
Saito et al. (JP 11355858 A) discloses encrypting distributed information. 
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Inquire 

Any inquiry concerning this comnnunication or earlier communications from tlie 
examiner should be directed to Mary Cheung whose telephone number is (703)-305- 
0084. The examiner can normally be reached on Monday - Thursday from 8:00 AM to 
5:30 PM. The examiner can also be reached on alternate Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell, can be reached on (703) 305-9768. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-308- 
1113. 

The fax phone number for the organization where this application or proceedings 
is assigned are as follows: 

(703) 872-9306 (Official Communications; including After Final 

Communications labeled "BOX AF") 
(703) 746-561 9 (Draft Communications) 

Hand delivered responses should be brought to Crystal Park 5, 2451 Crystal 
Drive, 7^*^ Floor Receptionist. 



Mary Cheung ^^^v^w^^,..^^ 
Patent Examiner ^ ^ 
Art Unit 3621 
February 12, 2004 



